The Research And Implementation Of The Defense Strategy Of Deep Learning Against Adversarial Attack

Posted on: 2021-05-19
Degree: Master
Type: Thesis
Country: China
Candidate: C Zhang
GTID: 2428330611498157
Subject: Computer technology

Abstract/Summary:
In recent years, deep learning has achieved excellent results in many fields, such as computer vision, natural language processing and speech processing, and a growing number of related applications bring considerable convenience to people's lives. However, deep learning, for all its strengths, is also vulnerable to attack. An adversarial attack can make a deep learning model produce a false prediction by adding subtle perturbations to the original samples, which poses a serious security problem for applications of deep learning. Most current defense strategies spend a great deal of computing power filtering perturbations globally. In addition, most defense strategies can only deal with specific attack methods and therefore have low universality. In view of these shortcomings, this paper attempts to propose an efficient and universal defense strategy. The following three aspects are studied in detail:

(1) We first analyze a variety of classic adversarial attack methods and classify them according to their attack range. A common characteristic is abstracted from this classification: adversarial perturbations contain sensitive points, and the fluctuation of these sensitive points affects the classification made by the deep learning model. Inspired by this, we propose a defense strategy that filters only the sensitive points in adversarial samples, avoiding the processing of non-sensitive points, which reduces computation and improves efficiency.

(2) We study in detail the methods of finding and filtering sensitive points. To improve the universality of the defense strategy, we propose a method of finding sensitive points based on the differential evolution algorithm. We use a black-box method to find the sensitive points in adversarial samples, which avoids any dependence on the structure and parameters of the deep learning model, so the defense can be applied when the model details are unknown, which increases its universality. We also propose a new method of filtering sensitive points, which takes the average value of the adjacent non-sensitive points around a sensitive point as the new value of that sensitive point. This method is simple and efficient. We combine the two parts, finding and filtering sensitive points, to form an efficient and universal defense strategy.

(3) To verify the effectiveness and universality of the proposed defense strategy, we tested its defense effect against the FGSM, BIM and PGD attack methods on three deep learning models (ResNet, AlexNet and LeNet) and two data sets (CIFAR-10 and MNIST). The experimental results show that the defense method we designed can effectively defend against different attack methods on different deep learning models and different data sets, which shows that the proposed defense strategy has a certain universality.
Keywords/Search Tags:deep learning, adversarial attack, defense strategy, sensitive point
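
The filtering step described in (2), as an added example that is not code from the thesis: each sensitive point is replaced by the mean of the non-sensitive points around it. The set of sensitive points is taken as given from the search step; the 8-neighbourhood, the widening of the window when every adjacent point is itself sensitive, and the names `neighbour_mean`, `filter_sensitive_points` and `max_radius` are assumptions of this example.

```python
def neighbour_mean(image, sensitive, r, c, radius):
    """Mean of the non-sensitive pixels in the window of the given radius
    around (r, c), clipped at the image border. None if there are none."""
    rows, cols = len(image), len(image[0])
    vals = [image[i][j]
            for i in range(max(0, r - radius), min(rows, r + radius + 1))
            for j in range(max(0, c - radius), min(cols, c + radius + 1))
            if (i, j) not in sensitive]   # (r, c) itself is excluded here too
    return sum(vals) / len(vals) if vals else None


def filter_sensitive_points(image, sensitive, max_radius=3):
    """Return a copy of a single-channel image (list of rows) in which every
    pixel listed in `sensitive` (a set of (row, col)) is replaced by the mean
    of nearby non-sensitive pixels. Non-sensitive pixels are left untouched.

    Assumption of this example: start with the 8 adjacent pixels and widen
    the window only when all of them are sensitive as well (a cluster).
    """
    out = [list(row) for row in image]    # always read from the original
    for r, c in sensitive:
        for radius in range(1, max_radius + 1):
            mean = neighbour_mean(image, sensitive, r, c, radius)
            if mean is not None:
                out[r][c] = mean
                break                     # else: no clean pixel found, keep value
    return out


if __name__ == "__main__":
    # Constructed 4x4 sample: (1, 1) and (3, 3) stand in for sensitive points.
    image = [[10, 10, 10, 10],
             [10, 200, 10, 10],
             [10, 10, 30, 30],
             [10, 10, 30, 255]]
    for row in filter_sensitive_points(image, {(1, 1), (3, 3)}):
        print(row)
```

Only the listed points are rewritten, so the cost scales with the number of sensitive points rather than with the image size.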